literature

Warn

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill employs dynamic code execution by using exec() to load Python utility functions directly from its markdown documentation files at runtime, specifically for parsing CLI outputs as described in references/scholarly-output-parsing.md.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from academic databases, web searches, and PDF files, which is then processed by sub-agents and used in synthesis without explicit sanitization or boundary markers.
      • Ingestion points: Academic metadata (OpenAlex, Crossref), web search results (Exa, Google Scholar), and full-text content from arXiv and PDFs.
      • Boundary markers: No specific delimiters or "ignore" instructions are used when interpolating external data into prompts in the agent-templates.md or synthesis.md files.
      • Capability inventory: Extensive capabilities including file system modification (Write, Edit), network requests (curl, wget), and the ability to execute code via uv.
      • Sanitization: No verification or filtering is performed on external data before it influences the agent's reasoning or output.
  • [EXTERNAL_DOWNLOADS]: The skill connects to multiple external academic and AI services (OpenAlex, Crossref, arXiv, Semantic Scholar, OpenRouter) to retrieve research materials and perform grounding searches.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 13, 2026, 03:38 AM